A complex data type that contains information about revoked
certificates.
RevocationInformation
variables are
members of
CertificateInformation
variables.
For information about data that can be accessed using Xpath Expressions,
see
Data items
.
Data items
The data items that
RevocationInformation
variables
contain.
data
A
byte
value
that represents the revocation identifier.
source
A
string
value
that represents the source that was used to retrieve revocation information.
status
A
string
value
that represents the status of the revocation for the certificate. These
values are string valid:
-
Unknown:
-
The status could not be verified.
-
Cache:
-
The status of the revocation is cached on AEM forms Server.
-
Online:
-
The status of the revocation is determined by accessing the
network.
-
Embedded:
-
The status of the revocation is embedded from the certificate.
-
DocumentSecurityStore:
-
The status of the revocation is retrieved from the trust
store settings on AEM forms Server.
statusMessage
A
string
value
that represents the revocation status message. The messages provide
information about the reason for the revocation. For example, a
message such as “Must sign the OCSP request” means that the OCSP
response must be signed. The following are valid messages where
[Addition information provided.]
represents
additional information provided by AEM forms Server.
-
OCSPNoCheck Extension is not allowed
-
OCSP CertHash Extension is required
-
OCSP CertHash in the response does not match the request
certificate
-
Must sign the OCSP request
-
OCSP response signature is invalid
-
OCSP request generation error:
[Addition information provided.]
-
OCSP request was null
-
OCSP response parsing error:
[Addition information provided.]
-
OCSP transport error:
[Addition information provided.]
-
OCSP response has expired or is not yet valid
-
OCSP response and request nonce does not match
-
No CRL DPs found
-
Unable to process a CRL DP:
[Addition information provided.]
-
Unable to retrieve CRL from:
[Addition information provided.]
with
error:
-
CRL thisUpdate is in the future
-
CRL has expired or is not yet valid
-
This is a delta CRL. Delta CRLs are not supported in this
version.
-
CRL parsing error:
[Addition information provided.]
-
CRL KeyID does not match
-
CRL Authority Key ID extension is required
-
CRL signature verification with issuer failed
-
CRL Verification failure error:
[Addition information provided.]
-
CRL Issuer does not have a valid key usage
-
No Valid CRL issuer found
-
CRL or one of its entries contains an unrecognized critical
extension
-
No Valid CRL found in messages that can be returned:
type
A
string
value
that represents the type of revocation information used. These string
values are valid:
-
CRL:
-
Certificate Revocation List
-
OCSP:
-
Online Certificate Status Protocol
validFrom
A
dateTime
value
that specifies the start date and time when the revocation is first
valid.
validTo
A
dateTime
value
that specifies the end date and time the revocation is valid. If this
value is empty, the revocation information did not have a NextUpdate
value present.
|
|
|